Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/of5RGMSyNs0zFFsqvtBEWTllGQM.roa
File:                     of5RGMSyNs0zFFsqvtBEWTllGQM.roa (raw, json)
Hash identifier:          guROoIP5mPOGBLO1Tpmmr/N6w/QrMU1VcI/VObiNI8s=
Subject key identifier:   A1:FE:51:18:C4:B2:36:CD:33:14:5B:2A:BE:D0:44:59:39:65:19:03
Certificate issuer:       /CN=118ba4ef901aac10876ccf976a5f7d16c4ca79f0
Certificate serial:       0193080405B6332EF6D56EDD86C0BD42B590
Authority key identifier: 11:8B:A4:EF:90:1A:AC:10:87:6C:CF:97:6A:5F:7D:16:C4:CA:79:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/of5RGMSyNs0zFFsqvtBEWTllGQM.roa
Signing time:             Thu 07 Nov 2024 19:05:01 +0000
ROA not before:           Thu 07 Nov 2024 19:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a03:5640::/36 maxlen: 48
                          2a03:5640:f000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:08:04:05:b6:33:2e:f6:d5:6e:dd:86:c0:bd:42:b5:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=118ba4ef901aac10876ccf976a5f7d16c4ca79f0
        Validity
            Not Before: Nov  7 19:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1fe5118c4b236cd33145b2abed0445939651903
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:34:b1:46:4b:63:b1:51:e6:b9:bb:2d:3d:c2:
                    f1:84:5e:ea:d4:3a:7a:05:b5:78:af:df:2b:87:6f:
                    2f:56:ee:94:a1:8a:db:de:fb:43:c5:be:1a:0a:7f:
                    6f:67:0d:fc:ad:08:86:0e:5d:06:06:d5:d7:31:fa:
                    22:dd:17:c1:05:ca:cb:a9:83:13:f2:93:79:ff:68:
                    8d:33:89:03:86:4d:03:a2:6c:96:f8:0a:cd:6b:dc:
                    34:38:f8:73:72:27:70:d4:3f:ed:0a:cb:04:28:2d:
                    b5:10:ca:87:a8:0b:54:9d:79:f2:d4:85:61:d7:82:
                    6b:83:07:30:c2:9c:e3:54:75:92:71:d8:c1:3f:54:
                    c2:7e:73:a4:a3:78:23:e6:21:00:c7:b9:72:94:1a:
                    e2:b2:56:67:73:7c:1f:2f:0d:77:bf:b7:60:87:58:
                    a6:27:48:87:10:b7:b8:8a:e3:87:16:16:10:98:84:
                    8e:63:38:da:f9:a3:71:eb:11:94:31:3c:14:0f:df:
                    c4:8b:30:b1:45:f8:59:d7:8d:3f:7f:6d:1c:fd:5e:
                    e2:2c:70:77:0e:6a:e0:63:cd:dd:d0:f8:18:a4:ff:
                    bd:d0:18:93:43:f3:77:97:5f:21:f9:d3:72:72:a0:
                    59:f5:b5:6f:85:fc:ea:0d:58:f9:0f:3f:8a:f6:cb:
                    86:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:FE:51:18:C4:B2:36:CD:33:14:5B:2A:BE:D0:44:59:39:65:19:03
            X509v3 Authority Key Identifier:
                keyid:11:8B:A4:EF:90:1A:AC:10:87:6C:CF:97:6A:5F:7D:16:C4:CA:79:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/of5RGMSyNs0zFFsqvtBEWTllGQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5640::/36
                  2a03:5640:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a3:3a:54:89:19:10:1c:f6:42:77:29:6c:21:97:ea:14:f1:a0:
         85:bd:a8:ef:10:a3:3e:16:78:3d:0f:57:fd:aa:c9:8e:5b:37:
         0c:dc:46:4a:8b:5c:3d:a8:0f:c9:48:47:30:c5:a4:17:87:5f:
         cb:aa:ca:b6:83:2b:bc:59:f7:b8:bf:cc:5c:ef:cf:9e:56:04:
         25:7d:5d:84:b4:6a:71:16:dc:07:94:bf:e3:34:5d:7e:20:e5:
         40:2e:d0:31:82:72:86:37:d7:10:1b:16:ec:7b:1d:2d:cf:eb:
         86:bb:76:0b:3a:c4:60:38:f7:43:53:c6:b7:42:e3:11:42:8a:
         0f:ec:9e:7b:04:4a:bf:8d:2b:1b:4a:78:ca:33:94:02:d5:ad:
         41:23:d1:da:20:d1:99:01:08:7d:8f:d4:f3:c9:30:80:02:d8:
         19:85:06:bc:6c:36:ec:2a:af:cf:8b:97:84:79:b6:2d:98:b9:
         27:5b:b1:24:3c:77:ab:11:80:50:c6:4c:40:dd:c9:a9:cb:d4:
         05:45:fc:8c:83:03:9a:69:37:23:de:21:ec:14:1d:f8:e6:3a:
         11:66:94:9f:69:63:c8:89:9a:9b:8c:c8:8a:59:4f:cf:39:a7:
         e8:97:39:c9:b9:82:1c:4d:14:09:7a:18:c7:9a:ac:ce:c5:0c:
         b6:e3:ae:03
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZMIBAW2My721W7dhsC9QrWQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExOGJhNGVmOTAxYWFjMTA4NzZjY2Y5NzZhNWY3ZDE2YzRj
YTc5ZjAwHhcNMjQxMTA3MTkwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWZlNTExOGM0YjIzNmNkMzMxNDViMmFiZWQwNDQ1OTM5NjUxOTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzSxRktjsVHmubstPcLxhF7q1Dp6
BbV4r98rh28vVu6UoYrb3vtDxb4aCn9vZw38rQiGDl0GBtXXMfoi3RfBBcrLqYMT
8pN5/2iNM4kDhk0DomyW+ArNa9w0OPhzcidw1D/tCssEKC21EMqHqAtUnXny1IVh
14JrgwcwwpzjVHWScdjBP1TCfnOko3gj5iEAx7lylBrislZnc3wfLw13v7dgh1im
J0iHELe4iuOHFhYQmISOYzja+aNx6xGUMTwUD9/EizCxRfhZ140/f20c/V7iLHB3
DmrgY83d0PgYpP+90BiTQ/N3l18h+dNycqBZ9bVvhfzqDVj5Dz+K9suGnQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFKH+URjEsjbNMxRbKr7QRFk5ZRkDMB8GA1UdIwQY
MBaAFBGLpO+QGqwQh2zPl2pffRbEynnwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVl1azc1QWFyQkNIYk0tWGFsOTlGc1RLZWZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9iZDRkOGQtOTM4MC00MGU5LTgxNDIt
ZjJiNGVmYmE1OWJjLzEvb2Y1UkdNU3lOczB6RkZzcXZ0QkVXVGxsR1FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9iZDRkOGQtOTM4MC00MGU5LTgxNDItZjJiNGVmYmE1OWJj
LzEvRVl1azc1QWFyQkNIYk0tWGFsOTlGc1RLZWZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKgNWQAAD
BgQqA1ZA8DANBgkqhkiG9w0BAQsFAAOCAQEAozpUiRkQHPZCdylsIZfqFPGghb2o
7xCjPhZ4PQ9X/arJjls3DNxGSotcPagPyUhHMMWkF4dfy6rKtoMrvFn3uL/MXO/P
nlYEJX1dhLRqcRbcB5S/4zRdfiDlQC7QMYJyhjfXEBsW7HsdLc/rhrt2CzrEYDj3
Q1PGt0LjEUKKD+yeewRKv40rG0p4yjOUAtWtQSPR2iDRmQEIfY/U88kwgALYGYUG
vGw27Cqvz4uXhHm2LZi5J1uxJDx3qxGAUMZMQN3JqcvUBUX8jIMDmmk3I94h7BQd
+OY6EWaUn2ljyImam4zIillPzzmn6Jc5ybmCHE0UCXoYx5qszsUMtuOuAw==
-----END CERTIFICATE-----